Archive for May 2010

My weekend project for the last couple of weeks has been to find out how to expose a website from my home computer.

And after doing so, it appears there are two requirements:

Instructing firewall to forward ports

Allowing requests through firewall on the target computer

I am using a SpeedTouch 585 forwarding to a laptop running Windows 7.

It is also recommended, of course, that you have a static IP address.

How to instruct router to forward a port

TIP: Ensure you don’t have an IP address conflict (i.e., more than one computer on the same IP address) on your network, as that may confuse forwarding. Giving whatever machine you’re forwarding to a static IP address probably makes sense: you won’t need to change anything when that machine rejoins the network.

I have a SpeedTouch 585, and I did it through the web interface:

Go to: “Home > Home Network > Devices > [device name]”

Select “Configure” from the upper right part of the screen (between “Overview” and “Help”)

From the “Connection Sharing” section, select “HTTP Server (World Wide Web)” from the list and press the “Add” button

You’re now forwarding all HTTP requests to your public IP address on port 80 to your selected device on port 80.

TIP: You cannot edit anything in the “Home > Toolbox > Game & Application Sharing > Game or Application Definition” list if it is assigned to something (the edit link is missing). Unassign it before you edit it.

TIP: You have to explicitly enable logging for each “Game or Application” you attach to a device, otherwise you’ll get no logging at all.

Even though it does display an amber light instead of green, I think this is just a forwarding record, not a warning.

That stuff about the forward_host_service chain is available via telnet. Telnet in to your router and open the chains list.

Here are the chains I have:

Name                       Description
-----------------------------------------------------------------
sink                       system
forward                    system
source                     system
sink_fire                  system
forward_fire               system
source_fire                system
forward_host_service       system
forward_level              system
sink_system_service        system
forward_multicast          system
forward_level_BlockAll     system
forward_level_Standard     system
forward_level_Disabled     system

Which includes forward_host_service, which contains these rules (including number 3):

If you have problems with your rules, put the firewall into interactive mode (this will prompt you to allow or deny all incoming requests), run the test, accept the connection and inspect the rule it generates.

TIP: Take care with the executable: try the rule with and without it to see if it makes a difference.
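
One way to check both requirements once the forward and the firewall rule are in place, as an added example that is not part of the original post: it attempts a TCP connection to each layer in turn and reports whether the port is open, refused or silently dropped. The function names and the addresses (192.168.1.64 for the laptop, 192.0.2.10 for the public IP) are constructed for the illustration.

```python
import errno
import socket

# What each probe result usually means for the two requirements on this page.
HINTS = {
    "open": "a listener accepted the connection",
    "refused": "host replied, but nothing accepts on this port",
    "filtered": "no reply: dropped by a firewall, or no forward exists",
    "unreachable": "no route to that address",
}

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise

def diagnose(stages, port=80, timeout=3.0, probe_fn=probe):
    """Probe each (layer, host) in order; stop at the first layer that fails."""
    results = []
    for layer, host in stages:
        state = probe_fn(host, port, timeout)
        results.append((layer, host, state))
        if state != "open":
            break
    return results

if __name__ == "__main__":
    # Constructed addresses: substitute the laptop's LAN IP and your public IP.
    stages = [
        # Run from a second machine on the LAN: tests server + host firewall.
        ("host firewall", "192.168.1.64"),
        # Needs NAT loopback on the router; otherwise run from outside.
        ("router forward", "192.0.2.10"),
    ]
    for layer, host, state in diagnose(stages):
        print(f"{layer:<15} {host:<15} {state}: {HINTS[state]}")
```

A "filtered" result on the LAN address typically points at the firewall on the target computer, while "open" on the LAN address but "filtered" on the public address points at the router's forward.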